
Tastylock Ransomware

By GoldSparrow in Ransomware

The Tastylock Ransomware is an encryption ransomware Trojan that seems to be a variant of the CryptoMix Ransomware, also known as the Kill CryptFILe2 Ransomware in one of its latest iterations. The Tastylock Ransomware was released on January 2, 2018, and follows the typical encryption ransomware tactic: it encrypts the victim's files with a strong encryption algorithm to make them inaccessible and then demands a ransom payment from the victim. The Tastylock Ransomware seems to be distributed through corrupted spam email attachments, a method seen in most of these attacks. The email messages carrying it impersonate legitimate companies such as Facebook or Amazon. An infection can be recognized because the victim's files are locked and marked with the file extension '.tastylock'.

The Bad Taste of a Tastylock Ransomware Attack

The Tastylock Ransomware uses RSA-2048 encryption combined with AES encryption to make the victim's files inaccessible. It attacks computers running the Windows operating system and is capable of infecting both old and new versions of it. The Tastylock Ransomware encrypts the victim's files and marks them with the file extension '.tastylock'. Apart from adding this extension, it also renames each affected file, replacing the file's name with a string of random characters. The Tastylock Ransomware targets user-generated files while avoiding the Windows system files. This is typical of these attacks, which require the victim's computer to remain operational so that the victim can read the ransom note and pay the ransom. The following are examples of the types of files that may be targeted in attacks similar to the Tastylock Ransomware:

.txt, .doc, .docx, .xls, .index, .pdf, .zip, .rar, .css, .lnk, .xlsx, .ppt, .pptx, .odt, .jpg, .bmp, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .bk, .bat, .mp3, .mp4, .wav, .wma, .avi, .divx, .mkv, .mpeg, .wmv, .mov, .ogg, .java, .csv, .kdc, .dxg, .xlsm, .pps, .cpp, .odt, .php, .odc, .log, .exe, .cr2, .mpeg, .jpeg, .xqx, .dotx, .pps, .class, .jar, .psd, .pot, .cmd, .rtf, .csv, .php, .docm, .xlsm, .js, .wsf, .vbs, .ini, .jpeg, .gif, .7z, .dotx, .kdc, .odm, .xll, .xlt, .ps, .mpeg, .pem, .msg, .xls, .wav, .odp, .nef, .pmd, .r3d, .dll, .reg, .hwp, .7z, .p12, .pfx, .cs, .ico, .torrent.

The Tastylock Ransomware drops multiple copies of a text file named '_HELP_INSTRUCTION.TXT' as soon as the targeted files are encrypted. This ransom note alerts the victim to the attack and demands that the victim contact the cyber crooks via email. The text contained in the Tastylock Ransomware's ransom note reads:

'All you files an encrypted!
For decrypt write DECRYPT ID to t_tasty@aol.com
YOU DECRYPT-ID-%s number
!!!ATTENTION!!!
Do not change!
Do not move files!
Do not use other programs (they do not work)!
You can lose your files if you do not follow the instructions!'

Protecting Your Data from Threats Like the Tastylock Ransomware

The contents of the Tastylock Ransomware ransom note should be ignored completely. Computer users should avoid establishing contact with the people responsible for this attack. Instead, preemptive measures must be taken to ensure that their data is safe. Unfortunately, once the Tastylock Ransomware has encrypted the victim's files, it is nearly impossible to restore the files without the decryption key. Because of this, the most effective protection against the Tastylock Ransomware and similar threats is to have backup copies of your files. Backups let you restore the files encrypted by the Tastylock Ransomware by replacing them with the backup copies, without any need to contact the people responsible for the attack. Besides having file backups, it is also necessary to use a security program to protect your computer from these threats. Also, since the Tastylock Ransomware may be spread using corrupted email attachments, learning to recognize and avoid these tactics is paramount.
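To decide which folders need restoring from backup, a responder can sweep a disk for the two indicators described on this page: the '.tastylock' extension and the '_HELP_INSTRUCTION.TXT' note. The script below is an added example, not code from the original article; the function names, the sample directory tree and the sample ID are constructed for illustration, and it assumes the note's "%s" placeholder is filled with an ID token that contains no spaces.

```python
import os
import re
import tempfile
from collections import defaultdict

ENC_SUFFIX = ".tastylock"            # extension named on this page
NOTE_NAME = "_help_instruction.txt"  # ransom note name from this page, lowercased
# Assumption: the "%s" in the note template is replaced by a victim ID token.
ID_RE = re.compile(r"DECRYPT-ID-(\S+)")

def triage(root):
    """Walk root; return ({dir: encrypted_count}, [note paths], {victim IDs})."""
    encrypted, notes, ids = defaultdict(int), [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lower.endswith(ENC_SUFFIX):
                encrypted[dirpath] += 1
            elif lower == NOTE_NAME:
                notes.append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        ids.update(ID_RE.findall(fh.read(4096)))
                except OSError:
                    pass  # an unreadable note still counts as an indicator
    return dict(encrypted), notes, ids

def build_sample(root):
    """Constructed sample tree: one affected folder and one clean folder."""
    hit = os.path.join(root, "Documents")
    clean = os.path.join(root, "Clean")
    os.makedirs(hit)
    os.makedirs(clean)
    for n in ("A1B2C3D4.tastylock", "9F8E7D6C.TASTYLOCK"):
        open(os.path.join(hit, n), "wb").close()
    with open(os.path.join(hit, "_HELP_INSTRUCTION.TXT"), "w") as fh:
        fh.write("YOU DECRYPT-ID-EXAMPLE0001 number\n")  # constructed ID
    open(os.path.join(clean, "report.docx"), "wb").close()
    return hit

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, notes, ids = triage(tmp)
        for d, n in sorted(enc.items()):
            print(f"{n:5d} encrypted file(s) in {d}")
        print("ransom notes:", len(notes), "victim IDs:", sorted(ids))
```

The per-directory counts give the restore scope, and the extracted ID can be recorded in the incident ticket to correlate affected hosts.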
